Installation
This Add-on is supported on all tiers of a distributed Splunk platform deployment and also on standalone Splunk instances. The table below provides a reference for installing the add-on in a distributed Splunk deployment:
| Splunk instance type | Supported | Required | Comments | 
|---|---|---|---|
| Search Heads | Yes | Yes | All search-time extraction rules are applied on Search Heads. | 
| Indexers | Yes | No | All data parsing is done on the heavy forwarder only. | 
| Heavy Forwarders | Yes | Yes | This Add-on supports data collection only on heavy forwarders. | 
| Universal Forwarder | No | No | This Add-on contains Python scripts that make API calls, so it is not supported on Universal Forwarders. | 
You can follow the steps below to install the OPSWAT MetaDefender IT Access Add-on for Splunk:
- Download the Add-on from Splunkbase.
- Install the Add-on on the Search Heads and Heavy Forwarder of your distributed deployment. You can also install it on the IDM if you are on Splunk Cloud.
  - Log in to the Splunk server, go to “Manage Apps”, select the “Install app from file” button, and upload the bundle downloaded in step 1.
  - Alternatively, you can extract the bundle in the backend at $SPLUNK_HOME/etc/apps, where $SPLUNK_HOME is your Splunk installation directory.
- After installation, restart the Splunk service. 
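The back-end extraction and restart steps above, as an added shell example that is not part of the original documentation. It checks the downloaded bundle before unpacking it into $SPLUNK_HOME/etc/apps; the bundle path is a placeholder, and the expectation of a single top-level app directory is an assumption about how the bundle is packaged.

```bash
#!/usr/bin/env bash
# Added example: back-end install of an add-on bundle into $SPLUNK_HOME/etc/apps.
# Assumptions: the bundle is a gzip-compressed tar archive with exactly one
# top-level app directory; the bundle filename below is a placeholder.

# install_addon_bundle <bundle.tgz> <splunk_home>
# Prints the name of the extracted app directory on success.
install_addon_bundle() {
    bundle=$1
    splunk_home=$2
    apps_dir="$splunk_home/etc/apps"

    [ -f "$bundle" ] || { echo "bundle not found: $bundle" >&2; return 1; }
    [ -d "$apps_dir" ] || { echo "no apps directory: $apps_dir" >&2; return 1; }

    # List the archive without extracting; fail if it cannot be read.
    entries=$(tar -tzf "$bundle") || { echo "unreadable archive" >&2; return 1; }

    # Reject entries that could land outside etc/apps (absolute paths or "..").
    if printf '%s\n' "$entries" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "refusing bundle: entry escapes the target directory" >&2
        return 1
    fi

    # Collect the distinct top-level names and require exactly one.
    top=$(printf '%s\n' "$entries" | sed 's|^\./||' | cut -d/ -f1 \
          | grep -v '^$' | sort -u)
    if [ -z "$top" ] || [ "$(printf '%s\n' "$top" | wc -l)" -ne 1 ]; then
        echo "refusing bundle: expected one top-level directory" >&2
        return 1
    fi

    tar -xzf "$bundle" -C "$apps_dir" || return 1
    printf '%s\n' "$top"
}

# Usage on a Search Head or Heavy Forwarder (placeholder bundle name):
#   install_addon_bundle /tmp/ADDON_BUNDLE.tgz "$SPLUNK_HOME" \
#       && "$SPLUNK_HOME/bin/splunk" restart
```

Run it as the account that owns the Splunk installation so the extracted files keep the ownership Splunk expects.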
You can find more details on how to install an add-on based on your deployment type below:
